8990 matches found

CVE
added 2023/07/18 12:31 p.m. · 64 views

CVE-2023-37892

CVE-2023-37892 describes a CSRF vulnerability in the WordPress plugin PluginPress Shortcode IMDB affecting versions <= 6.0.8. The vulnerability is unpatched per Wordfence details; exploitation would involve convincing an authenticated user to perform an unwanted action on behalf of an attacke...

8.8 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/07/18 12:0 a.m. · 8 views

PT-2023-26163 · Pluginpress · Pluginpress Shortcode Imdb

Name of the Vulnerable Software and Affected Versions: PluginPress Shortcode IMDB plugin versions 6.0.8 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

8.8 CVSS · 8.5 AI score · 0.00214 EPSS
Exploits 0 · References 4
Patchstack
added 2023/07/18 12:0 a.m. · 10 views

WordPress Simple Social Page Widget & Shortcode Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Social Page Widget & Shortcode · Type: Plugin · Vulnerable versions: <= 1.7.0 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: 0903d51f92c2 · Credits: Rafie Muhamm...

6.2 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/07/18 12:0 a.m. · 4 views

WordPress Plugin Shortcode IMDB Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS · 7.7 AI score · 0.00214 EPSS
Exploits 0 · References 2
Patchstack
added 2023/07/18 12:0 a.m. · 6 views

WordPress Five-Star Ratings Shortcode Plugin < 1.2.48 is vulnerable to Cross Site Scripting (XSS)

Software: Five-Star Ratings Shortcode · Type: Plugin · Vulnerable versions: < 1.2.48 · Fixed in: 1.2.48 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: ed6e5abc9527 · Credits: Rafie Muhammad...

6.8 AI score · 0.00284 EPSS
Exploits 0 · References 3 · Affected Software 1
WPVulnDB
added 2023/07/11 12:0 a.m. · 20 views

Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery

The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...

8.8 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2023/07/11 12:0 a.m. · 10 views

WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Shortcode IMDB · Type: Plugin · Vulnerable versions: <= 6.0.8 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-37892 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: f272d08c4cd6 · Credits: yuyudhn · Required...

8.8 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 0 · References 1 · Affected Software 1
wpexploit
added 2023/07/10 12:0 a.m. · 167 views

Forminator < 1.24.4 - Reflected XSS

The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a nam...

6.5 AI score · 0.0354 EPSS
Exploits 2
Cvelist
added 2023/07/04 7:23 a.m. · 51 views

CVE-2023-1273 ND Shortcodes < 7.0 - Subscriber+ LFI

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

8.8 AI score · 0.01683 EPSS
Exploits 2 · References 1
OSV
added 2023/06/27 2:15 p.m. · 6 views

CVE-2023-2068

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

9.8 CVSS · 7.2 AI score · 0.3962 EPSS
Exploits 8 · References 2
NVD
added 2023/06/27 2:15 p.m. · 38 views

CVE-2023-2068

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

9.8 CVSS · 9.5 AI score · 0.3962 EPSS
Exploits 8 · References 2
Cvelist
added 2023/06/27 1:17 p.m. · 45 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

9.7 AI score · 0.3962 EPSS
Exploits 8 · References 2
Vulnrichment
added 2023/06/27 1:17 p.m. · 15 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

6.7 AI score · 0.3962 EPSS
Exploits 8 · References 2
CVE
added 2023/06/27 1:17 p.m. · 243 views

CVE-2023-2068

The CVE-2023-2068 issue affects the WordPress File Manager Advanced Shortcode plugin (versions

9.8 CVSS · 9.4 AI score · 0.3962 EPSS
Exploits 8 · References 2 · Affected Software 1
Patchstack
added 2023/06/27 12:0 a.m. · 24 views

WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)

Software: File Manager Advanced Shortcode · Type: Plugin · Vulnerable versions: <= 2.3.2 · Fixed in: N/A · OWASP Top 10: A1: Injection · Classification: Remote Code Execution (RCE) · CVE: CVE-2023-2068 · Patch priority: High · CVSS severity: High 10 · PSID: f57871788c33 · Credits: Mateus Machado Tesser...

9.8 CVSS · 7.1 AI score · 0.3962 EPSS
Exploits 8 · References 2 · Affected Software 1
OSV
added 2023/06/26 11:15 a.m. · 3 views

CVE-2023-29436

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

5.4 CVSS · 7.3 AI score · 0.00358 EPSS
Exploits 0 · References 1
Prion
added 2023/06/26 11:15 a.m. · 20 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

4.9 CVSS · 5.2 AI score · 0.00358 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/06/26 10:46 a.m. · 23 views

CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

6.5 CVSS · 6 AI score · 0.00358 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/06/26 10:46 a.m. · 13 views

CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

6.5 CVSS · 5.6 AI score · 0.00358 EPSS
Exploits 0 · References 1
CVE
added 2023/06/26 10:46 a.m. · 48 views

CVE-2023-29436

CVE-2023-29436 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Flyn San IFrame Shortcode” (Flynsarmy iframe shortcodes) affecting versions ≤ 1.0.5. The issue requires authenticated access (Contributor+), and exploitation occurs via the plugin’s shortcode handling, enablin...

6.5 CVSS · 5.4 AI score · 0.00358 EPSS
Exploits 0 · References 1 · Affected Software 1